Re: Tomcat 8 Session Timeout
Hi Chris - I added this value to the Engine container -

backgroundProcessorDelay="20"

This has made a big improvement - there is much more frequent clear down of the sessions.

Is there a config setting for maximum session age? The reason for asking is that in a REST stateless environment the concept is to tear down after each request is served. However - this may have performance implications for Tomcat.

Are there any best practices papers / pointers for stateless setup?

Theo

From: Christopher Schultz <ch...@christopherschultz.net>
To: Tomcat Users List <users@tomcat.apache.org>,
Date: 04/09/2015 18:39
Subject: Re: Tomcat 8 Session Timeout

Theo,

On 9/4/15 6:14 AM, theo.swe...@avios.com wrote:
> Hi Chris - the servlet spec states "If the time out is 0 or less,
> the container ensures the default behavior of sessions is never to
> time out."
>
> Currently the timeout value is set to 2 minutes.
>
> However the problem is persisting - the environment is using
> Jersey Servlet 1.3 for REST.
>
> If we look inside web service stats -
>
> Longest session alive time: 183 s / Processing time: 625 ms
> Longest session alive time: 207 s / Processing time: 232 ms
>
> The current session timeout is set to 120 seconds, so neither of
> these above session times make any sense, unless a dependency is
> hanging?

Remember that the session timeout is not session age. If you have a process which is touching the session more often than every 2 minutes or so, then the session will live indefinitely.

Is the background processing thread still running? If it dies, your sessions will never time out.

Also, the background processing thread is the thread that reaps old sessions... if you have the background processor thread set to run infrequently, you'll see the behavior you describe.
-chris

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

The Mileage Company Limited is a limited company registered in England under company number 2260073 whose registered office address is at Astral Towers, Betts Way, London Road, Crawley, West Sussex, RH10 9XY.

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote also confirms that this email message has been swept by Mimecast for the presence of computer viruses.
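The reply quoted above distinguishes the idle timeout from session age. One way to cap absolute age inside the application, as an added example that is not from the thread or from Tomcat itself: a servlet filter written against the javax.servlet API that Tomcat 8 provides. The class name MaxSessionAgeFilter, the init-param maxAgeSeconds and the 120-second default are assumptions made for the illustration.

```java
import java.io.IOException;
import java.util.concurrent.TimeUnit;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/**
 * Added example (hypothetical class): invalidates a session once it is older
 * than a fixed limit, no matter how recently it was touched.
 */
public class MaxSessionAgeFilter implements Filter {

    // Assumed default; overridden by the hypothetical "maxAgeSeconds" init-param.
    private long maxAgeMillis = TimeUnit.SECONDS.toMillis(120);

    @Override
    public void init(FilterConfig config) throws ServletException {
        String value = config.getInitParameter("maxAgeSeconds");
        if (value != null) {
            try {
                maxAgeMillis = TimeUnit.SECONDS.toMillis(Long.parseLong(value.trim()));
            } catch (NumberFormatException e) {
                throw new ServletException("maxAgeSeconds must be an integer: " + value, e);
            }
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            // getSession(false) never creates a session, so a request that
            // arrives without one stays stateless.
            HttpSession session = ((HttpServletRequest) req).getSession(false);
            if (session != null) {
                try {
                    long age = System.currentTimeMillis() - session.getCreationTime();
                    if (age > maxAgeMillis) {
                        // Age is measured from creation, so frequent access
                        // cannot keep the session alive past the limit.
                        session.invalidate();
                    }
                } catch (IllegalStateException alreadyInvalid) {
                    // The container expired the session between the two calls.
                }
            }
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}
```

The filter only runs when a request carries the session, so the container's idle timeout and background thread are still what remove sessions that are never touched again.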
Re: Tomcat 8 Session Timeout
Hi Chris - the servlet spec states "If the time out is 0 or less, the container ensures the default behavior of sessions is never to time out."

Currently the timeout value is set to 2 minutes.

However the problem is persisting - the environment is using Jersey Servlet 1.3 for REST.

If we look inside web service stats -

Longest session alive time: 183 s / Processing time: 625 ms
Longest session alive time: 207 s / Processing time: 232 ms

The current session timeout is set to 120 seconds, so neither of these above session times make any sense, unless a dependency is hanging?

Theo

From: Christopher Schultz <ch...@christopherschultz.net>
To: Tomcat Users List <users@tomcat.apache.org>,
Date: 03/09/2015 16:43
Subject: Re: Tomcat 8 Session Timeout

Theo,

On 9/3/15 8:28 AM, theo.swe...@avios.com wrote:
> Thanks Chris - that pointer is very helpful.
>
> Can you clarify by setting session-timeout to 0, implies after 60
> seconds the session will expire or does it imply the same as -1,
> that sessions will not timeout?
>
> 0
>

What does the servlet specification say about the values used there?

Hint: your assumptions are already wrong.
-chris
Re: Tomcat 8 Session Timeout
Theo,

On 9/4/15 6:14 AM, theo.swe...@avios.com wrote:
> Hi Chris - the servlet spec states "If the time out is 0 or less,
> the container ensures the default behavior of sessions is never to
> time out."
>
> Currently the timeout value is set to 2 minutes.
>
> However the problem is persisting - the environment is using
> Jersey Servlet 1.3 for REST.
>
> If we look inside web service stats -
>
> Longest session alive time: 183 s / Processing time: 625 ms
> Longest session alive time: 207 s / Processing time: 232 ms
>
> The current session timeout is set to 120 seconds, so neither of
> these above session times make any sense, unless a dependency is
> hanging?

Remember that the session timeout is not session age. If you have a process which is touching the session more often than every 2 minutes or so, then the session will live indefinitely.

Is the background processing thread still running? If it dies, your sessions will never time out.

Also, the background processing thread is the thread that reaps old sessions... if you have the background processor thread set to run infrequently, you'll see the behavior you describe.
-chris
Re: Tomcat 8 Session Timeout
Theo,

On 9/3/15 8:28 AM, theo.swe...@avios.com wrote:
> Thanks Chris - that pointer is very helpful.
>
> Can you clarify by setting session-timeout to 0, implies after 60
> seconds the session will expire or does it imply the same as -1,
> that sessions will not timeout?
>
> 0
>

What does the servlet specification say about the values used there?

Hint: your assumptions are already wrong.

-chris
Re: Tomcat 8 Session Timeout
Thanks Chris - that pointer is very helpful.

Can you clarify by setting session-timeout to 0, implies after 60 seconds the session will expire or does it imply the same as -1, that sessions will not timeout?

0

Theo

From: Christopher Schultz <ch...@christopherschultz.net>
To: Tomcat Users List <users@tomcat.apache.org>,
Date: 01/09/2015 17:23
Subject: Re: Tomcat 8 Session Timeout

Theo,

On 9/1/15 4:29 AM, theo.swe...@avios.com wrote:
> Mark - I took a look at the Manager How To Guide as seen here -
>
> https://tomcat.apache.org/tomcat-8.0-doc/manager-howto.html#Expire_Sessions
>
> It mentions that it's possible to expire sessions for each
> individual app using a command similar to -
>
> curl -X GET
> http://username:password@localhost:8080/manager/text/expire?path=/examples=0
>
> Do you know if a wildcard can be used for the app name?

You can't.

If you want to script it, you can write some code to pull the list of sessions and then interrogate them for various things. I'm not sure what the manager application's interface is willing to cough-up, but if you use JMX (either directly or via the manager's JMXProxyServlet), you can list the sessions, look at their attributes, and expire them using whatever criteria you want.

Check out slide 40 in this presentation from ApacheCon NA 2015:
http://events.linuxfoundation.org/sites/events/files/slides/Monitoring%20Apache%20Tomcat%20with%20JMX_0.pdf

This trick requires that you have an attribute in the session called "user" that has the user's username in the toString() output. It's just an example, but you can see how you can grab sessions and do things with them.
-chris
Re: Tomcat 8 Session Timeout
Hi Chris,

That's pretty much it (except the path for the app's web.xml looks a little odd).

We are running a multi-instance environment and this is why the path is $CATALINA_BASE/conf/web.xml

Are the web services specifying their own session-timeout in the application-specific web.xml?

No, the web-apps are not specifying their own session-timeout. We want to run with a stateless environment. Eventually the session-timeout will be brought down to 0, but the current setting for 2 minutes doesn't work. The sessions do not timeout.

Theo

From: Christopher Schultz <ch...@christopherschultz.net>
To: Tomcat Users List <users@tomcat.apache.org>,
Date: 28/08/2015 19:09
Subject: Re: Tomcat 8 Session Timeout

Theo,

On 8/28/15 12:08 PM, theo.swe...@avios.com wrote:
> Hello - currently HTTP sessions are configured to timeout after 120
> seconds, in $CATALINA_BASE/conf/web.xml
>
> <session-config>
> <session-timeout>2</session-timeout>
> </session-config>

I'd highly recommend that you move that configuration from conf/web.xml to your own web application's web.xml.

> However this is not being honoured by the web services, where many
> sessions are lasting longer.
>
> From what I understand - the order for session timeouts is -
>
> HttpSession.setMaxInactiveInterval(int)
> $WebApplication/webapp/WEB-INF/web.xml
> $TOMCAT_BASE/conf/web.xml
>
> Is there something that I'm missing?

That's pretty much it (except the path for the app's web.xml looks a little odd).

Are the web services specifying their own session-timeout in the application-specific web.xml?
-chris
Re: Tomcat 8 Session Timeout
On 01/09/2015 08:53, theo.swe...@avios.com wrote:
> Hi Mark
>
> Tomcat version?
>
> v8.0.21

OK. Fairly recent and no known issues. I'll add session expiration is tested as part of the 'unit' tests we run after every commit and I don't ever remember it failing. The same tests are also run before every release and must pass on multiple platforms before the release is started.

> The usual causes are:
> - something unexpected accessing the session
> - the background processing thread is crashed / busy doing something
>   else
>
> Is there a command line mechanism to gracefully terminate sessions?

No, but you can use the Manager app to view session contents and expire the sessions.

Mark

>
> Theo
>
> From: Mark Thomas <ma...@apache.org>
> To: Tomcat Users List <users@tomcat.apache.org>,
> Date: 28/08/2015 19:13
> Subject: Re: Tomcat 8 Session Timeout
>
> On 28/08/2015 12:08, theo.swe...@avios.com wrote:
>> Hello - currently HTTP sessions are configured to timeout after 120
>> seconds, in $CATALINA_BASE/conf/web.xml
>>
>> <session-config>
>> <session-timeout>2</session-timeout>
>> </session-config>
>>
>> However this is not being honoured by the web services, where many
>> sessions are lasting longer.
>>
>> From what I understand - the order for session timeouts is -
>>
>> HttpSession.setMaxInactiveInterval(int)
>> $WebApplication/webapp/WEB-INF/web.xml
>> $TOMCAT_BASE/conf/web.xml
>>
>> Is there something that I'm missing?
>
> Tomcat version?
>
> The usual causes are:
> - something unexpected accessing the session
> - the background processing thread is crashed / busy doing something
>   else
>
> Mark
Re: Tomcat 8 Session Timeout
Hi Mark

Tomcat version?

v8.0.21

The usual causes are:
- something unexpected accessing the session
- the background processing thread is crashed / busy doing something else

Is there a command line mechanism to gracefully terminate sessions?

Theo

From: Mark Thomas <ma...@apache.org>
To: Tomcat Users List <users@tomcat.apache.org>,
Date: 28/08/2015 19:13
Subject: Re: Tomcat 8 Session Timeout

On 28/08/2015 12:08, theo.swe...@avios.com wrote:
> Hello - currently HTTP sessions are configured to timeout after 120
> seconds, in $CATALINA_BASE/conf/web.xml
>
> <session-config>
> <session-timeout>2</session-timeout>
> </session-config>
>
> However this is not being honoured by the web services, where many
> sessions are lasting longer.
>
> From what I understand - the order for session timeouts is -
>
> HttpSession.setMaxInactiveInterval(int)
> $WebApplication/webapp/WEB-INF/web.xml
> $TOMCAT_BASE/conf/web.xml
>
> Is there something that I'm missing?

Tomcat version?

The usual causes are:
- something unexpected accessing the session
- the background processing thread is crashed / busy doing something else

Mark
Re: Tomcat 8 Session Timeout
Mark - I took a look at the Manager How To Guide as seen here -

https://tomcat.apache.org/tomcat-8.0-doc/manager-howto.html#Expire_Sessions

It mentions that it's possible to expire sessions for each individual app using a command similar to -

curl -X GET http://username:password@localhost:8080/manager/text/expire?path=/examples=0

Do you know if a wildcard can be used for the app name?

Theo

From: Mark Thomas <ma...@apache.org>
To: Tomcat Users List <users@tomcat.apache.org>,
Date: 01/09/2015 09:02
Subject: Re: Tomcat 8 Session Timeout

On 01/09/2015 08:53, theo.swe...@avios.com wrote:
> Hi Mark
>
> Tomcat version?
>
> v8.0.21

OK. Fairly recent and no known issues. I'll add session expiration is tested as part of the 'unit' tests we run after every commit and I don't ever remember it failing. The same tests are also run before every release and must pass on multiple platforms before the release is started.

> The usual causes are:
> - something unexpected accessing the session
> - the background processing thread is crashed / busy doing something
>   else
>
> Is there a command line mechanism to gracefully terminate sessions?

No, but you can use the Manager app to view session contents and expire the sessions.

Mark

>
> Theo
>
> From: Mark Thomas <ma...@apache.org>
> To: Tomcat Users List <users@tomcat.apache.org>,
> Date: 28/08/2015 19:13
> Subject: Re: Tomcat 8 Session Timeout
>
> On 28/08/2015 12:08, theo.swe...@avios.com wrote:
>> Hello - currently HTTP sessions are configured to timeout after 120
>> seconds, in $CATALINA_BASE/conf/web.xml
>>
>> <session-config>
>> <session-timeout>2</session-timeout>
>> </session-config>
>>
>> However this is not being honoured by the web services, where many
>> sessions are lasting longer.
>>
>> From what I understand - the order for session timeouts is -
>>
>> HttpSession.setMaxInactiveInterval(int)
>> $WebApplication/webapp/WEB-INF/web.xml
>> $TOMCAT_BASE/conf/web.xml
>>
>> Is there something that I'm missing?
>
> Tomcat version?
>
> The usual causes are:
> - something unexpected accessing the session
> - the background processing thread is crashed / busy doing something
>   else
>
> Mark
Re: Tomcat 8 Session Timeout
On 01/09/2015 09:29, theo.swe...@avios.com wrote:
> Mark - I took a look at the Manager How To Guide as seen here -
>
> https://tomcat.apache.org/tomcat-8.0-doc/manager-howto.html#Expire_Sessions
>
> It mentions that it's possible to expire sessions for each individual app
> using a command similar to -
>
> curl -X GET
> http://username:password@localhost:8080/manager/text/expire?path=/examples=0
>
> Do you know if a wildcard can be used for the app name?

Sorry, it won't.

Mark

>
> Theo
>
> From: Mark Thomas <ma...@apache.org>
> To: Tomcat Users List <users@tomcat.apache.org>,
> Date: 01/09/2015 09:02
> Subject: Re: Tomcat 8 Session Timeout
>
> On 01/09/2015 08:53, theo.swe...@avios.com wrote:
>> Hi Mark
>>
>> Tomcat version?
>>
>> v8.0.21
>
> OK. Fairly recent and no known issues. I'll add session expiration is
> tested as part of the 'unit' tests we run after every commit and I
> don't ever remember it failing. The same tests are also run before every
> release and must pass on multiple platforms before the release is started.
>
>> The usual causes are:
>> - something unexpected accessing the session
>> - the background processing thread is crashed / busy doing something
>>   else
>>
>> Is there a command line mechanism to gracefully terminate sessions?
>
> No, but you can use the Manager app to view session contents and expire
> the sessions.
>
> Mark
>
>>
>> Theo
>>
>> From: Mark Thomas <ma...@apache.org>
>> To: Tomcat Users List <users@tomcat.apache.org>,
>> Date: 28/08/2015 19:13
>> Subject: Re: Tomcat 8 Session Timeout
>>
>> On 28/08/2015 12:08, theo.swe...@avios.com wrote:
>>> Hello - currently HTTP sessions are configured to timeout after 120
>>> seconds, in $CATALINA_BASE/conf/web.xml
>>>
>>> <session-config>
>>> <session-timeout>2</session-timeout>
>>> </session-config>
>>>
>>> However this is not being honoured by the web services, where many
>>> sessions are lasting longer.
>>>
>>> From what I understand - the order for session timeouts is -
>>>
>>> HttpSession.setMaxInactiveInterval(int)
>>> $WebApplication/webapp/WEB-INF/web.xml
>>> $TOMCAT_BASE/conf/web.xml
>>>
>>> Is there something that I'm missing?
>>
>> Tomcat version?
>>
>> The usual causes are:
>> - something unexpected accessing the session
>> - the background processing thread is crashed / busy doing something
>>   else
>>
>> Mark
Re: Tomcat 8 Session Timeout
Theo,

On 9/1/15 4:29 AM, theo.swe...@avios.com wrote:
> Mark - I took a look at the Manager How To Guide as seen here -
>
> https://tomcat.apache.org/tomcat-8.0-doc/manager-howto.html#Expire_Sessions
>
> It mentions that it's possible to expire sessions for each
> individual app using a command similar to -
>
> curl -X GET
> http://username:password@localhost:8080/manager/text/expire?path=/examples=0
>
> Do you know if a wildcard can be used for the app name?

You can't.

If you want to script it, you can write some code to pull the list of sessions and then interrogate them for various things. I'm not sure what the manager application's interface is willing to cough-up, but if you use JMX (either directly or via the manager's JMXProxyServlet), you can list the sessions, look at their attributes, and expire them using whatever criteria you want.

Check out slide 40 in this presentation from ApacheCon NA 2015:
http://events.linuxfoundation.org/sites/events/files/slides/Monitoring%20Apache%20Tomcat%20with%20JMX_0.pdf

This trick requires that you have an attribute in the session called "user" that has the user's username in the toString() output. It's just an example, but you can see how you can grab sessions and do things with them.
-chris
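The direct-JMX route described in the message above, as an added example that is not from the thread or from the linked slides: a standalone client that visits the Manager MBean of every deployed context (a pattern query, which stands in for the wildcard the text interface lacks) and expires sessions older than a limit. Assumptions: remote JMX is enabled at the URL shown, and the class name, the JMX_USER / JMX_PASS variables and the 120-second limit are illustrative; the Manager MBean operations used are listSessionIds, getCreationTimestamp and expireSession.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;

import javax.management.MBeanServerConnection;
import javax.management.ObjectName;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;

/** Added example (hypothetical class): expire over-age sessions in every context. */
public class ExpireOldSessions {

    private static final String[] STRING_ARG = { String.class.getName() };

    public static void main(String[] args) throws Exception {
        // Assumed endpoint and age limit; both can be overridden on the command line.
        String url = args.length > 0 ? args[0]
                : "service:jmx:rmi:///jndi/rmi://localhost:9010/jmxrmi";
        long maxAgeMillis = TimeUnit.SECONDS.toMillis(
                args.length > 1 ? Long.parseLong(args[1]) : 120L);

        // Credentials are read from the environment (hypothetical variable
        // names) so they do not appear in the process list or shell history.
        Map<String, Object> env = new HashMap<>();
        String user = System.getenv("JMX_USER");
        String pass = System.getenv("JMX_PASS");
        if (user != null && pass != null) {
            env.put(JMXConnector.CREDENTIALS, new String[] { user, pass });
        }

        try (JMXConnector connector =
                JMXConnectorFactory.connect(new JMXServiceURL(url), env)) {
            MBeanServerConnection mbs = connector.getMBeanServerConnection();
            // One Manager MBean is registered per deployed context.
            Set<ObjectName> managers =
                    mbs.queryNames(new ObjectName("*:type=Manager,*"), null);
            for (ObjectName manager : managers) {
                int expired = expireOlderThan(mbs, manager, maxAgeMillis);
                System.out.printf("%s: expired %d session(s)%n",
                        manager.getKeyProperty("context"), expired);
            }
        }
    }

    static int expireOlderThan(MBeanServerConnection mbs, ObjectName manager,
            long maxAgeMillis) throws Exception {
        // listSessionIds returns all ids as one space-separated string.
        String ids = (String) mbs.invoke(manager, "listSessionIds",
                new Object[0], new String[0]);
        // Creation times are on the server's clock; run this on the same host
        // or allow for clock skew when choosing the limit.
        long now = System.currentTimeMillis();
        int expired = 0;
        for (String id : ids.trim().split("\\s+")) {
            if (id.isEmpty()) {
                continue;
            }
            long created = (Long) mbs.invoke(manager, "getCreationTimestamp",
                    new Object[] { id }, STRING_ARG);
            // Non-positive values are skipped: the session was already gone
            // by the time it was queried.
            if (created > 0 && now - created > maxAgeMillis) {
                mbs.invoke(manager, "expireSession", new Object[] { id }, STRING_ARG);
                expired++;
            }
        }
        return expired;
    }
}
```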
Tomcat 8 Session Timeout
Hello - currently HTTP sessions are configured to timeout after 120 seconds, in $CATALINA_BASE/conf/web.xml

<session-config>
<session-timeout>2</session-timeout>
</session-config>

However this is not being honoured by the web services, where many sessions are lasting longer.

From what I understand - the order for session timeouts is -

HttpSession.setMaxInactiveInterval(int)
$WebApplication/webapp/WEB-INF/web.xml
$TOMCAT_BASE/conf/web.xml

Is there something that I'm missing?

Theo
Re: Tomcat 8 Session Timeout
Theo,

On 8/28/15 12:08 PM, theo.swe...@avios.com wrote:
> Hello - currently HTTP sessions are configured to timeout after 120
> seconds, in $CATALINA_BASE/conf/web.xml
>
> <session-config>
> <session-timeout>2</session-timeout>
> </session-config>

I'd highly recommend that you move that configuration from conf/web.xml to your own web application's web.xml.

> However this is not being honoured by the web services, where many
> sessions are lasting longer.
>
> From what I understand - the order for session timeouts is -
>
> HttpSession.setMaxInactiveInterval(int)
> $WebApplication/webapp/WEB-INF/web.xml
> $TOMCAT_BASE/conf/web.xml
>
> Is there something that I'm missing?

That's pretty much it (except the path for the app's web.xml looks a little odd).

Are the web services specifying their own session-timeout in the application-specific web.xml?

-chris
Re: Tomcat 8 Session Timeout
On 28/08/2015 12:08, theo.swe...@avios.com wrote:
> Hello - currently HTTP sessions are configured to timeout after 120
> seconds, in $CATALINA_BASE/conf/web.xml
>
> <session-config>
> <session-timeout>2</session-timeout>
> </session-config>
>
> However this is not being honoured by the web services, where many
> sessions are lasting longer.
>
> From what I understand - the order for session timeouts is -
>
> HttpSession.setMaxInactiveInterval(int)
> $WebApplication/webapp/WEB-INF/web.xml
> $TOMCAT_BASE/conf/web.xml
>
> Is there something that I'm missing?

Tomcat version?

The usual causes are:
- something unexpected accessing the session
- the background processing thread is crashed / busy doing something else

Mark